nwbind: return proper console privilege status
All checks were successful
Source release / source-package (push) Successful in 50s
All checks were successful
Source release / source-package (push) Successful in 50s
Replace the old Check Console Privileges TODO with the documented NCP 23/200 behavior. The call has no reply data and reports authorization solely through the completion code. Return success for supervisor-equivalent connections and 0xc6 for callers without console operator privileges instead of accepting all callers. MARS-NWE does not currently maintain a separate console-operator list, so map console privileges to the existing supervisor-equivalence flag computed at login time. No queue or file service behavior change.
This commit is contained in:
Mario Fetka
33
src/nwbind.c
33
src/nwbind.c
@@ -463,6 +463,18 @@ static void get_login_time(uint8 login_time[], CONNECTION *cx)
|
||||
login_time[6] = s_tm->tm_wday;
|
||||
}
|
||||
|
||||
|
||||
static int has_console_privileges(CONNECTION *c)
|
||||
/*
|
||||
* NCP 23/200 only tells the client whether the current connection has
|
||||
* console operator privileges. MARS-NWE does not currently maintain a
|
||||
* separate bindery/NDS console-operator list, so map this to the same
|
||||
* supervisor-equivalence flag that is already computed at login time.
|
||||
*/
|
||||
{
|
||||
return(c && c->object_id && (c->id_flags & 1));
|
||||
}
|
||||
|
||||
static int build_login_response(uint8 *responsedata, uint32 obj_id)
|
||||
{
|
||||
uint8 pw_name[40];
|
||||
@@ -1820,13 +1832,20 @@ static void handle_fxx(int gelen, int func)
|
||||
}
|
||||
}break;
|
||||
|
||||
case 0xc8 : { /* CHECK CONSOLE PRIVILEGES */
|
||||
/* to use fileserver service functions */
|
||||
XDPRINTF((1, 0, "MAKE BETTER: CHECK CONSOLE PRIV (M@K)"));
|
||||
/* !!!!!! TODO completition=0xc6 (no rights) */
|
||||
if (!(act_c->id_flags&1))
|
||||
completition=0; /* no rights (M@K) */
|
||||
// completition=0xc6; /* no rights */
|
||||
case 0xc8 : { /* Check Console Privileges */
|
||||
/*
|
||||
* NCP 23/200 has no reply data. It succeeds when the
|
||||
* connection has console operator privileges and returns
|
||||
* 0xc6 (No Console Rights) otherwise.
|
||||
*/
|
||||
if (has_console_privileges(act_c)) {
|
||||
XDPRINTF((2, 0, "Check Console Privileges user=0x%x result=0x0",
|
||||
act_c->object_id));
|
||||
} else {
|
||||
XDPRINTF((1, 0, "Check Console Privileges user=0x%x result=0xc6",
|
||||
act_c ? act_c->object_id : 0));
|
||||
completition=0xc6;
|
||||
}
|
||||
} break;
|
||||
|
||||
case 0xc9 : { /* GET FILE SERVER DESCRIPTION STRINGs */
|
||||
|
||||
Reference in New Issue
Block a user